Security News

​Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to...

Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall. [...]

A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...]

Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in thirty US states and across the United Kingdom.

BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission over allegations of misusing and sharing consumer health data for advertising purposes. The data included included email addresses, IP addresses, answers from preliminary health questionnaire during sign-up process, which came with a promise of not disclosing personal health info outside limited purposes, like counseling services.

Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin has disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals. "On February 9, 2024, during our investigation, we discovered indications that the attacker had copied some of GHC-SCW's data, which included protected health information. Our discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing our data."

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. Heidell, Pittoni, Murphy and Bach represents New York City area hospitals in litigation and maintains sensitive private information from patients, including dates of birth, social security numbers, health insurance information, medical history, and/or health treatment information.

New York law firm Heidell, Pittoni, Murphy and Bach has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world. New York Attorney General Letitia James, who brought the lawsuit against the lawyers, blamed HPMB's poor data security practices for the privacy breach.

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. Szpindor called the incident "a significant data breach" that exposed the personal identifiable information of thousands of DC Health Link employees and warned the Representatives that their data may have been compromised.

The Federal Trade Commission has proposed to ban the online counseling service BetterHelp from sharing its customers' sensitive mental health data with advertising networks and marketers. A settlement between the FTC and BetterHelp also requires the company to pay $7.8 million as restitution to its users whose sensitive data has been shared with third parties such as Facebook and Snapchat.